Impact
The AI Engine plugin for WordPress contains a stored cross-site scripting flaw that is triggered when an authenticated user supplies a malicious value to the 'id' parameter of the mwai_chatbot shortcode. Because the value is neither sanitized on input nor escaped on output, arbitrary JavaScript can be saved into a page and is then executed whenever any site visitor views that page. An attacker with at least Subscriber privileges can therefore inject scripts that deface the site, steal credentials, or facilitate further malicious activity.
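The root cause described above, shown as an added example rather than the plugin's own code: a minimal WordPress shortcode handler that renders the shortcode's id attribute unescaped, beside a hardened version that validates the value against a safe pattern and escapes it on output. The function and shortcode names (demo_chatbot_*) are hypothetical and the snippet assumes it runs inside WordPress, where shortcode_atts(), esc_attr() and add_shortcode() are available.

```php
<?php
// Added example, not code from the AI Engine plugin. Demonstrates the unsafe
// pattern behind a stored XSS in a shortcode attribute and its hardened form.

// Unsafe: the 'id' attribute is concatenated into the markup verbatim, so a
// stored value containing a double quote terminates the attribute and any
// markup or event handler that follows it is emitted as-is to every visitor.
function demo_chatbot_shortcode_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'id' => 'default' ), $atts, 'demo_chatbot' );
    return '<div class="demo-chatbot" id="' . $atts['id'] . '"></div>';
}

// Allow only a conservative subset of valid HTML ids: a leading letter, then
// letters, digits, hyphen or underscore, at most 64 characters in total.
// Anything else is rejected outright (fallback to a known-good default)
// rather than "cleaned", so the accepted set is unambiguous.
function demo_chatbot_sanitize_id( $raw ) {
    $raw = (string) $raw;
    if ( ! preg_match( '/^[A-Za-z][A-Za-z0-9_-]{0,63}$/', $raw ) ) {
        return 'default';
    }
    return $raw;
}

// Hardened: validate on input AND escape on output. The allow-list alone
// already excludes quotes and angle brackets; esc_attr() is kept as defence
// in depth so a future relaxation of the pattern cannot reintroduce the bug.
function demo_chatbot_shortcode_safe( $atts ) {
    $atts = shortcode_atts( array( 'id' => 'default' ), $atts, 'demo_chatbot' );
    $id   = demo_chatbot_sanitize_id( $atts['id'] );
    return '<div class="demo-chatbot" id="' . esc_attr( $id ) . '"></div>';
}

add_shortcode( 'demo_chatbot', 'demo_chatbot_shortcode_safe' );

// Constructed attribute value of the kind the advisory describes (a quote
// followed by an inline event handler). The unsafe handler reproduces it
// verbatim inside the tag; the hardened handler rejects it and renders the
// default id instead.
$constructed = array( 'id' => 'chat" onmouseover="alert(1)' );
demo_chatbot_shortcode_unsafe( $constructed );
demo_chatbot_shortcode_safe( $constructed );
```

When auditing an affected site, the same allow-list can be applied to stored post content: any mwai_chatbot shortcode whose id value fails the pattern is worth reviewing before the plugin is updated.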
Affected Systems
All installations of the AI Engine – The Chatbot, AI Framework & MCP for WordPress up to and including version 2.8.4 are affected. This includes any WordPress site that has placed the mwai_chatbot shortcode on a page or post and has enabled it for users with Subscriber or higher roles. Any WordPress site running a version of this plugin within the specified range is at risk.
Risk and Exploitability
The CVSS score of 5.4 classifies the issue as medium severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation at this time. The vulnerability is not listed in CISA's KEV catalog, so there are currently no documented active exploits. However, because the flaw stores the malicious script persistently, a credentialed attacker who can add or edit content can compromise the experience of every user who views the affected page. The attack requires legitimate authenticated access; a malicious Subscriber can inject payloads that persist and execute for all viewers of the affected page.
OpenCVE Enrichment